Ask Wireshark - RSS feedhttps://ask.wireshark.org/questions/Wireshark questions and answersenCopyright Wireshark Foundation, 2017-2019Tue, 14 Aug 2018 09:03:55 +0000I want to understand how Wireshark identifies the L7 applications correctly which are not running on standard port?https://ask.wireshark.org/question/4622/i-want-to-understand-how-wireshark-identifies-the-l7-applications-correctly-which-are-not-running-on-standard-port/ I want to understand how Wireshark identifies the L7 applications correctly? I had my web server listening to port 8888, and I did wget http:server:8888 and got response. Wireshark correctly identified the application as http. How this is achieved?Tue, 14 Aug 2018 08:32:15 +0000https://ask.wireshark.org/question/4622/i-want-to-understand-how-wireshark-identifies-the-l7-applications-correctly-which-are-not-running-on-standard-port/Answer by grahamb for <p>I want to understand how Wireshark identifies the L7 applications correctly? I had my web server listening to port 8888, and I did wget http:server:8888 and got response. Wireshark correctly identified the application as http. How this is achieved?</p>
https://ask.wireshark.org/question/4622/i-want-to-understand-how-wireshark-identifies-the-l7-applications-correctly-which-are-not-running-on-standard-port/?answer=4623#post-id-4623Heuristic dissectors.
A heuristic dissector, such as http, registers for all TCP traffic, and if there no dissector has registered for the port the traffic has been received on, then the TCP dissector calls each heuristic dissector in turn, and each dissector inspects the traffic and decides if it "looks right", and if so dissects it, else declines and passes the opportunity to the next dissector.
See [README.heuristic](https://github.com/wireshark/wireshark/blob/master/doc/README.heuristic) for more info.Tue, 14 Aug 2018 09:03:55 +0000https://ask.wireshark.org/question/4622/i-want-to-understand-how-wireshark-identifies-the-l7-applications-correctly-which-are-not-running-on-standard-port/?answer=4623#post-id-4623